Description
When an nginx web server implements an HTTP redirect by using the $uri or $document_uri variables within the redirection target location, the resulting configuration may be vulnerable to header injection.
Remediation
Implement the HTTP redirect with $request_uri instead of $uri or $document_uri.
References
Related Vulnerabilities
WordPress Plugin Contact Bank-Contact Form Builder for WordPress Cross-Site Scripting (2.0.225)
WordPress Plugin Chamber Dashboard Business Directory Cross-Site Scripting (3.2.8)
WordPress Plugin ZdStatistics Cross-Site Scripting (2.0.1)
WordPress Plugin YaySMTP-Simple WP SMTP Mail Cross-Site Scripting (2.2.1)